The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date | Fixed Release |
|---|---|---|---|---|
| CVE-2021-40900 | A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in regexfn v1.0.5 when validating crafted invalid emails. | MEDIUM | Jun 27, 2022 | n/a |
| CVE-2021-40901 | A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in scniro-validator v1.0.1 when validating crafted invalid emails. | MEDIUM | Jun 27, 2022 | n/a |
| CVE-2021-40902 | flatCore-CMS version 2.0.8 is affected by Cross Site Scripting (XSS) in the Create New Page option through the index page. | LOW | Jun 17, 2022 | n/a |
| CVE-2021-40903 | A vulnerability in Antminer Monitor 0.50.0 exists because of backdoor or misconfiguration inside a settings file in flask server. Settings file has a predefined secret string, which would be randomly generated, however it is static. | HIGH | Jun 18, 2022 | n/a |
| CVE-2021-40904 | The web management console of CheckMK Raw Edition (versions 1.5.0 to 1.6.0) allows a misconfiguration of the web-app Dokuwiki (installed by default), which allows embedded php code. As a result, remote code execution is achieved. Successful exploitation requires access to the web management interface, either with valid credentials or with a hijacked session by a user with the role of administrator. | MEDIUM | Mar 25, 2022 | n/a |
| CVE-2021-40905 | The web management console of CheckMK Enterprise Edition (versions 1.5.0 to 2.0.0p9) does not properly sanitise the uploading of .mkp files, which are Extension Packages, making remote code execution possible. Successful exploitation requires access to the web management interface, either with valid credentials or with a hijacked session of a user with administrator role. NOTE: the vendor states that this is the intended behavior: admins are supposed to be able to execute code in this manner | MEDIUM | Mar 25, 2022 | n/a |
| CVE-2021-40906 | CheckMK Raw Edition software (versions 1.5.0 to 1.6.0) does not sanitise the input of a web service parameter that is in an unauthenticated zone. This Reflected XSS allows an attacker to open a backdoor on the device with HTML content and interpreted by the browser (such as JavaScript or other client-side scripts) or to steal the session cookies of a user who has previously authenticated via a man in the middle. Successful exploitation requires access to the web service resource without authentication. | MEDIUM | Mar 25, 2022 | n/a |
| CVE-2021-40907 | SQL injection vulnerability in Sourcecodester Storage Unit Rental Management System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username parameter to /storage/classes/Login.php. | HIGH | Jan 28, 2022 | n/a |
| CVE-2021-40908 | SQL injection vulnerability in Login.php in Sourcecodester Purchase Order Management System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username parameter. | HIGH | Jan 28, 2022 | n/a |
| CVE-2021-40909 | Cross site scripting (XSS) vulnerability in sourcecodester PHP CRUD without Refresh/Reload using Ajax and DataTables Tutorial v1 by oretnom23, allows remote attackers to execute arbitrary code via the first_name, last_name, and email parameters to /ajax_crud. | MEDIUM | Jan 28, 2022 | n/a |
| CVE-2021-40910 | There is a reflective cross-site scripting (XSS) vulnerability in the PHPCMS V9.6.3 management side. | MEDIUM | Jun 15, 2022 | n/a |
| CVE-2021-40921 | Cross-site scripting (XSS) vulnerability in _contactform.inc.php in Detector 0.8.5 and below version allows remote attackers to inject arbitrary web script or HTML via the cid parameter. | MEDIUM | Oct 4, 2021 | n/a |
| CVE-2021-40922 | Cross-site scripting (XSS) vulnerability in install/index.php in bugs 1.8 and below version allows remote attackers to inject arbitrary web script or HTML via the last_name parameter. | MEDIUM | Oct 4, 2021 | n/a |
| CVE-2021-40923 | Cross-site scripting (XSS) vulnerability in install/index.php in bugs 1.8 and below version allows remote attackers to inject arbitrary web script or HTML via the email parameter. | MEDIUM | Oct 4, 2021 | n/a |
| CVE-2021-40924 | Cross-site scripting (XSS) vulnerability in install/index.php in bugs 1.8 and below version allows remote attackers to inject arbitrary web script or HTML via the first_name parameter. | MEDIUM | Oct 4, 2021 | n/a |
| CVE-2021-40925 | Cross-site scripting (XSS) vulnerability in dompdf/dompdf/www/demo.php infaveo-helpdesk v1.11.0 and below allow remote attackers to inject arbitrary web script or HTML via the $_SERVER[PHP_SELF] parameter. | MEDIUM | Oct 4, 2021 | n/a |
| CVE-2021-40926 | Cross-site scripting (XSS) vulnerability in demos/demo.mysqli.php in getID3 1.X and v2.0.0-beta allows remote attackers to inject arbitrary web script or HTML via the showtagfiles parameter. | MEDIUM | Oct 4, 2021 | n/a |
| CVE-2021-40927 | Cross-site scripting (XSS) vulnerability in callback.php in Spotify-for-Alfred 0.13.9 and below allows remote attackers to inject arbitrary web script or HTML via the error parameter. | MEDIUM | Oct 4, 2021 | n/a |
| CVE-2021-40928 | Cross-site scripting (XSS) vulnerability in index.php in FlexTV beta development version allows remote attackers to inject arbitrary web script or HTML via the PHP_SELF parameter. | MEDIUM | Oct 4, 2021 | n/a |
| CVE-2021-40940 | Monstra 3.0.4 does not filter the case of php, which leads to an unrestricted file upload vulnerability. | HIGH | Jun 15, 2022 | n/a |
| CVE-2021-40941 | In Bento4 1.6.0-638, there is an allocator is out of memory in the function AP4_Array<AP4_TrunAtom::Entry>::EnsureCapacity in Ap4Array.h:172, as demonstrated by GPAC. This can cause a denial of service (DOS). | MEDIUM | Jun 28, 2022 | n/a |
| CVE-2021-40942 | In GPAC MP4Box v1.1.0, there is a heap-buffer-overflow in the function filter_parse_dyn_args function in filter_core/filter.c:1454, as demonstrated by GPAC. This can cause a denial of service (DOS). | MEDIUM | Jun 28, 2022 | n/a |
| CVE-2021-40943 | In Bento4 1.6.0-638, there is a null pointer reference in the function AP4_DescriptorListInspector::Action function in Ap4Descriptor.h:124 , as demonstrated by GPAC. This can cause a denial of service (DOS). | MEDIUM | Jun 28, 2022 | n/a |
| CVE-2021-40944 | In GPAC MP4Box 1.1.0, there is a Null pointer reference in the function gf_filter_pid_get_packet function in src/filter_core/filter_pid.c:5394, as demonstrated by GPAC. This can cause a denial of service (DOS). | MEDIUM | Jun 28, 2022 | n/a |
| CVE-2021-40954 | Laiketui 3.5.0 is affected by an arbitrary file upload vulnerability that can allow an attacker to execute arbitrary code. | HIGH | Jun 23, 2022 | n/a |
| CVE-2021-40955 | SQL injection exists in LaiKetui v3.5.0 the background administrator list. | MEDIUM | Jun 23, 2022 | n/a |
| CVE-2021-40956 | LaiKetui v3.5.0 has SQL injection in the background through the menu management function, and sensitive data can be obtained. | MEDIUM | Jun 23, 2022 | n/a |
| CVE-2021-40960 | Galera WebTemplate 1.0 is affected by a directory traversal vulnerability that could reveal information from /etc/passwd and /etc/shadow. | HIGH | Oct 7, 2021 | n/a |
| CVE-2021-40961 | CMS Made Simple <=2.2.15 is affected by SQL injection in modules/News/function.admin_articlestab.php. The $sortby variable is concatenated with $query1, but it is possible to inject arbitrary SQL language without using the \'. | MEDIUM | Jun 9, 2022 | n/a |
| CVE-2021-40964 | A Path Traversal vulnerability exists in TinyFileManager all version up to and including 2.4.6 that allows attackers to upload a file (with Admin credentials or with the CSRF vulnerability) with the fullpath parameter containing path traversal strings (../ and ..\\) in order to escape the server\'s intended working directory and write malicious files onto any directory on the computer. | MEDIUM | Sep 15, 2021 | n/a |
| CVE-2021-40965 | A Cross-Site Request Forgery (CSRF) vulnerability exists in TinyFileManager all version up to and including 2.4.6 that allows attackers to upload files and run OS commands by inducing the Administrator user to browse a URL controlled by an attacker. | HIGH | Sep 15, 2021 | n/a |
| CVE-2021-40966 | A Stored XSS exists in TinyFileManager All version up to and including 2.4.6 in /tinyfilemanager.php when the server is given a file that contains HTML and javascript in its name. A malicious user can upload a file with a malicious filename containing javascript code and it will run on any user browser when they access the server. | LOW | Sep 15, 2021 | n/a |
| CVE-2021-40968 | Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the newpassword2 parameter. | MEDIUM | Oct 4, 2021 | n/a |
| CVE-2021-40969 | Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the firstname parameter. | MEDIUM | Oct 2, 2021 | n/a |
| CVE-2021-40970 | Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the username parameter. | MEDIUM | Oct 4, 2021 | n/a |
| CVE-2021-40971 | Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the newpassword1 parameter. | MEDIUM | Oct 4, 2021 | n/a |
| CVE-2021-40972 | Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the mail parameter. | MEDIUM | Oct 4, 2021 | n/a |
| CVE-2021-40973 | Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the lastname parameter. | MEDIUM | Oct 4, 2021 | n/a |
| CVE-2021-40975 | Cross-site scripting (XSS) vulnerability in application/modules/admin/views/ecommerce/products.php in Ecommerce-CodeIgniter-Bootstrap (Codeigniter 3.1.11, Bootstrap 3.3.7) allows remote attackers to inject arbitrary web script or HTML via the search_title parameter. | MEDIUM | Oct 4, 2021 | n/a |
| CVE-2021-40978 | The mkdocs 1.2.2 built-in dev-server allows directory traversal using the port 8000, enabling remote exploitation to obtain :sensitive information. NOTE: the vendor has disputed this as described in https://github.com/mkdocs/mkdocs/issues/2601.] and https://github.com/nisdn/CVE-2021-40978/issues/1 | MEDIUM | Oct 8, 2021 | n/a |
| CVE-2021-40981 | ASUS ROG Armoury Crate Lite before 4.2.10 allows local users to gain privileges by placing a Trojan horse file in the publicly writable %PROGRAMDATA%\\ASUS\\GamingCenterLib directory. | MEDIUM | Oct 1, 2021 | n/a |
| CVE-2021-40985 | A stack-based buffer under-read in htmldoc before 1.9.12, allows attackers to cause a denial of service via a crafted BMP image to image_load_bmp. | MEDIUM | Nov 5, 2021 | n/a |
| CVE-2021-40986 | A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 - - ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability. | HIGH | Oct 15, 2021 | n/a |
| CVE-2021-40987 | A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 - - ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability. | HIGH | Oct 15, 2021 | n/a |
| CVE-2021-40988 | A remote directory traversal vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 - - ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability. | HIGH | Oct 15, 2021 | n/a |
| CVE-2021-40989 | A local escalation of privilege vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 - - ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability. | HIGH | Oct 15, 2021 | n/a |
| CVE-2021-40990 | A remote disclosure of sensitive information vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 - - ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability. | MEDIUM | Oct 15, 2021 | n/a |
| CVE-2021-40991 | A remote disclosure of sensitive information vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 - - ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability. | MEDIUM | Oct 15, 2021 | n/a |
| CVE-2021-40992 | A remote SQL injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 - - ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability. | MEDIUM | Oct 15, 2021 | n/a |
| CVE-2021-40993 | A remote SQL injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 - - ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability. | MEDIUM | Oct 15, 2021 | n/a |
